This article is more than 1 year old

Drop the obsession with Big Data, zero days and just... help the business

Security pros urged to drop the crap, get into the scrap

Black Hat Europe Haroon Meer, founder of applied research company Thinkst, opened the Black Hat Europe conference last week with a keynote attacking the fashionable obsessions of the security businesses, including blind faith in Big Data and an obsession with zero-day vulnerabilities.

The keynote, entitled What Got Us Here Won't Get Us There*, exhorted conference attendees to roll their sleeves up and focus on deliverables and assisting their businesses rather than aiming for an unachievable security nirvana using Big Data and other fashionable technologies. Security pros face big trouble on the horizon with a crisis of both relevance and confidence.

Security teams and budgets are larger but this alone will not help unless infused priorities switch towards supporting the business with steady improvement instead of searching for the next great leap forward, according to Meer.

“We don’t know what’s going on but more data will fix it,” Meer told his audience. “Get as much data as we can and surely we can connect the dots. The [Edward] Snowden leaks disprove this.”

Likewise threat intelligence services, though of value to some, are not much use for the majority of organisations, Meer argued.

“There is a good argument for threat intel in limited cases but it doesn’t make sense for 90 per cent of people who are still dealing with 2003’s problems. The OPM [US government Office of Personnel Management] breach and Sony hack were about poor housekeeping, not about a lack of threat intel.”

Meer also criticised the infosec business’s “unhealthy obsession” with zero-day vulnerabilities. “Networks are getting compromised without zero days,” he pointed out.

Rather than focusing on the latest – hyped – technologies, businesses would do better to focus on attack mitigation technologies such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).

“EMET is really useful,” Meer said. “Yes, it can be bypassed, but it will block a whole lot of attacks.”

Meer also highlighted honeypots as another effective, but unfashionable, technology as well as creating rather than buying effective security technologies.

“Busy work that doesn’t matter. We need to focus on therapeutic work,” Meer concluded, adding: “We should try lots of stuff because nothing we’re doing now is working.” ®

Blockquote

*The title of the talk was a reference to Marshall Goldsmith's best seller What Got You Here Won't Get You There.

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like